Posts tagged “Internet Surveillance”

The Guardian reports that “intelligence agencies are using military aircraft equipped with sophisticated surveillance equipment to eavesdrop on and monitor the movements of suspected terrorists” by flying over cities in the U.K. The plane is thought to be equipped with technology to monitor telephone calls and automatically recognize license plate numbers. The plane’s have also been used by police to “identify people speeding, driving when using mobile phones, overtaking on double white lines, or driving erratically.”

All cyber cafes in the city will now need a police license to keep their business going. All cafes need to register at the police headquarters and provide details on the number of computers installed, type of computers and technical details like the IP address of each machine.

Not fully understanding or improperly using applications that protect your privacy and allow you to bypass censorship can seriously affect your online security. A researcher recently revealed that he was able to gather sensitive data including the user names and passwords of government email accounts by snooping on the traffic of five Tor exit nodes he controlled. If you are not using end to end encryption the Tor exit node can see your traffic in plain text. as the researcher notes:

ToR isn’t the problem, just use it for what it’s made for.

This reminds me of the “trick” a lot of people use in which they set up an email account but don’t actually send email but rather just store email in the drafts folder thinking that this protects them from government surveillance. Unless the full session is encrypted, and many using this technique are using web mail account which only encrypt the login not the rest of the traffic, it can still be snooped even though you are not “sending” the email.

The Bush Administration is seeking to shield telecom’s that participated in its illegal wiretapping scheme from privacy law suits being brought forward against them. However, they do not want to name the dozen or so companies involved. AP reports:

The vaguely worded proposal would shield any person who allegedly provided information, infrastructure or “any other form of assistance” to the intelligence agencies after the Sept. 11, 2001 terror attacks. It covers any classified communications activity intended to protect the country from terrorism.

The article also hints at the scope of the surveillance, not just covering telephone calls but email traffic as well:

Conventional wisdom has long been that the bulk of the surveillance operations — groundbreaking because they lacked judicial oversight — involved primarily telephone calls. However, officials say the Bush administration’s program frequently went after e-mail and other Internet traffic, which al-Qaida has embraced as a key means of communication.

China isn’t the only one hiding behind “state secrets“, it is now the defense in the law suit brought on by EFF on behalf of AT&T customers who were victims of illegal NSA spying.

EFF is representing the plaintiffs in Hepting v. AT&T, a class-action lawsuit brought by AT&T customers accusing the giant telco of violating their rights by illegally assisting the National Security Agency in domestic surveillance. The U.S. government is fighting to get the class-action lawsuit thrown out of court, contending that the litigation jeopardizes state secrets.

“The courts cannot permit the government to evade responsibility for unconstitutional activities with thin claims of ‘state secrets.’ Without judicial review, there is no way to stop abuses of power,” said EFF Legal Director Cindy Cohn. “The courts are well equipped to protect state secrets while determining whether the spying is illegal and if so, to put a stop to it.”

The U.S., which has the most sophisticated electronic surveillance program in the world, has suspended yet another program, ADVISE (Analy­sis, Dissemina­tion, Visu­ali­zation, Insight and Semantic Enhance­ment), after it was found to violate privacy laws. The CMS which uncovered the program in 2006, reports:

From its earliest days, the system’s pilot programs used “live data, including personally identifiable information, from multiple sources in attempts to identify potential terrorist activity,” but without taking steps required by federal law and DHS’s own internal guidelines to keep that data from being misused, the DHS Office of Inspector General (OIG) said in a June report to Congress, which was made public Aug. 13.

This is the third shutdown following the closure of the Pentagon’s TALON database — which monitored peace activists among others — and the infamous Total Information Awareness project.

Bill C-74, the Modernization of Investigative Techniques Act, would have allowed law enforcement agencies to obtain identifying information about you without a warrant. Even worse, it would have forced communications providers to build surveillance back-doors into the hardware that routes our phone calls, Internet traffic, and more. Tell the new Parliament not to erode your privacy – sign our petition today!

My ISP, Bell Sympatico, has modified their “Service Agreement” so that they can monitor or investigate me “without limitation” and pass that information on to the government.

However, you agree that Your Service Provider reserves the right from time to time to monitor the Service electronically, monitor or investigate content or your use of Your Service Provider’s networks, including without limitation bandwidth consumption, and to disclose any information necessary to satisfy any laws, regulations or other governmental request from any applicable jurisdiction, or as necessary to operate the Service or to protect itself or others.

Canadian media coverage has focused on the recent arrests of seventeen Canadians suspected of planning to detonate bombs in Ontario. In addition to the predictable sensationalist, wildy speculative coverage, which truly was awful, reports of Canada’s electronic surveillance capabilities are emerging.

Police credited Internet surveillance with playing a key role in the recent arrests while simultaneously claiming that the technical sophistication of terrorists requires better technology and less restrictions on wiretaps. In conjunction with electronic eavesdropping, Canadian authorities have been moving away from collecting evidence to use in criminal cases and have been engaging in the “disrupting” suspected groups.

However, the RCMP admit that they have never “sought greater authority to conduct monitoring and surveillance” because in Canada, law enforcement only needs Ministerial approval to engage in wholesale surveillance — not specific calls or emails but broad wholesale monitoring.

The arrests come at a time when Canad’s “Anti-Terrorism Act” is set to be renewed by Parliament. Despite the fact that many of the new powers granted law enforcement were never used law enforcement and major news media in Canada want the Act renewed.

As Gwynne Dyer points out in one of the few dissenting articles in this country the rationale behind the need for these increased powers is fundamentally flawed. The case for increased surveillance powers to protect Canadians is based on the presumption of an international terrorist network when in fact the threat is from small, isolated nodes:

Any terrorist attack on Canada is bound to be homegrown, because there is no shadowy but powerful network of international Islamist terrorists waging a war against the West. There are isolated small groups of extremists who blow things up once in a while. There are Web sites and other media through which they can exchange ideas and techniques, but there is no headquarters, no chain of command, no organization that can be defeated, dismantled, and destroyed…

The contrast between the received wisdom—that the world, or at least the West, is engaged in a titanic, unending struggle against a terrorist organisation of global reach—and the not very impressive reality is so great that most people in the West believe the official narrative rather than the evidence of their own eyes. There must be a major terrorist threat; otherwise, the government is wrong or lying, the intelligence agencies are wrong or self-serving, the media are fools or cowards, and the invasion of Iraq had nothing to do with fighting terrorism.

The expansion of increased surveillance technology and powers while decreasing the amount of oversight is a threat to the civil liberties and privacy of Canadians. The fact that fear is exploited to push these powers through is deplorable.

Michael Geist reports that the Canada may be creating a Cyber Security Task Force. Although the Ministry of Public Security and Emergency Preparedness Canada has not announced it the Government Electronic Directory Service now lists a position for a Cyber Security Task Force Secretariat. Geist rasises some key issues including:

First, who will be on the task force? It is essential it include representation from privacy and civil liberties groups. Security is critical but must be imbued with full respect for the privacy and civil liberty rights of all Canadians. Revelations of widespread telephone communications surveillance in the United States — frequently with the secret participation of telecommunications firms — has provided evidence of the danger of focusing on security without counterbalancing with a privacy and civil liberties perspective.

Second, what other legislation could be introduced in such an environment? With a cyber-security task force on the way, speculation will increase that the government is also preparing to bring back so-called “lawful access” legislation. Introduced by the Liberal government, the innocuous-sounding Modernization of Investigative Techniques Act envisioned a host of new legal powers associated with near-ubiquitous surveillance technologies.

As Geist notes, the proposed legislation concerning electronic surveillance requires ISP’s to “install new systems capable of capturing data and identifying specific subscriber activities” and lacks judicial oversight — it allows various law enforcement authorities to simply request subscriber data from ISPs without a warrant.

While China is often singled out for its Internet surveillance capabilities, new whistleblower evidence indicates that China’s Internet surveillance pales in comparison to the United States’ surveillance regime. The latest information reveals that AT&T implemented a sophisticated monitoring and data mining program convering both Internet and telephone communications when asked by the NSA, although the roots of the program appear to be an outgrowth of the Defense Department’s Total Information Awareness (TIA) program. The USA’s extensive system is able to monitor traffic on essentially the entire Internet due to AT&T’s peering links with other major backbone providers:

Another Cut-In and Test Procedure document dated January 24, 2003, provides diagrams of how AT&T Core Network circuits were to be run through the “splitter” cabinet. One page lists the circuit IDs of key Peering Links which were “cut-in” in February 2003, including ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, AboveNet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet and Mae West. By the way, Mae West is one of two key internet nodal points in the United States (the other, Mae East, is in Vienna, Virginia). It’s not just WorldNet customers who are being spied on — it’s the entire internet.

The program covers Internet and telephone communications. The EFF has filed suit against AT&T:

The lawsuit alleges that AT&T Corp. has opened its key telecommunications facilities and databases to direct access by the NSA and/or other government agencies, thereby disclosing to the government the contents of its customers’ communications as well as detailed communications records about millions of its customers, including the lawsuit’s class members.

The lawsuit also alleges that AT&T has given the government unfettered access to its over 300 terabyte “Daytona” database of caller information—one of the largest databases in the world. Moreover, by opening its network and databases to wholesale surveillance by the NSA, EFF alleges that AT&T has violated the privacy of its customers and the people they call and email, as well as broken longstanding communications privacy laws.

The US Government’s “Internet Police” (I wonder if there are “30,000” of them?) monitor communications in “real-time” from “secret rooms” located in AT&T buildings:

The normal work force of unionized technicians in the office are forbidden to enter the “secret room,” which has a special combination lock on the main door. The telltale sign of an illicit government spy operation is the fact that only people with security clearance from the National Security Agency can enter this room.

The combination of the technical sophistication of the system and the illegal way in which it has been implemented confirms what many have suspected: the electronic surveillance regime of the US is far more extensive and sophisticated than any other country in the world.

No, not the fight gear or what happens when Rickson gets you in an armbar. USA Today reports:

The National Security Agency has been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth, people with direct knowledge of the arrangement told USA TODAY.

The NSA program reaches into homes and businesses across the nation by amassing information about the calls of ordinary Americans — most of whom aren’t suspected of any crime. This program does not involve the NSA listening to or recording conversations. But the spy agency is using the data to analyze calling patterns in an effort to detect terrorist activity, sources said in separate interviews.

Only Qwest questioned the legality:

Unable to get comfortable with what NSA was proposing, Qwest’s lawyers asked NSA to take its proposal to the FISA court. According to the sources, the agency refused.

The NSA’s explanation did little to satisfy Qwest’s lawyers. “They told (Qwest) they didn’t want to do that because FISA might not agree with them,” one person recalled. For similar reasons, this person said, NSA rejected Qwest’s suggestion of getting a letter of authorization from the U.S. attorney general’s office. A second person confirmed this version of events.

A spoof site of Australian Prime Minister John Howard was shut down due to presure from the government. The closure is reportedly due to a phone complaint from the PM’s office to the Melbourne IT Ltd (http://www.melbourneit.com.au/) the domain registrar for the website johnhowardpm.org. The compaint contended that the parody website was a “phishing” site, something usually associent with identity theft schemes or other scams.

Now, ICANN has a dispute policy that should be followed in cases such as this. While similar to the borat.kz case mentioned by Reporters Without Borders this case is different because ICANN regulates the .org domain. In this case the registrar appears to have violated the ICANN rules. The changes were made to the domain name without 1) consent from the owner, 2) receipt of an order from a court… or 3) receipt of a decision of an Administrative Panel…

The web host was not the target, but rather just the domain registrar. The website was hosted on Yahoo and is still accessible if you access the the original site by directly connecting to the IP (216.39.58.47) on Yahoo’s host and manually feeding in the HTTP HOST header johnhowardpm.org.

As if censorship was not enough Australia has now passed a new surveillance law. MEAA/IFEX explains:

New laws, passed by the Senate yesterday, give law enforcement agencies power to intercept phone calls, emails and text messages of innocent people. This extreme surveillance law poses a severe threat to press freedom – journalists can assume their conversations with sources will be intercepted at any time, says Australia’s media union.

Spies, police and other security agencies will be able to use B-party warrants to tap phones belonging to a suspect’s family, friends, colleagues and lawyer. Other agencies, such as the Australian Tax Office, Customs, and the Australian Securities and Investment Commission (ASIC), will have the power to access stored communications such as email and SMS.

Groups such as Electronic Frontiers Australia have been monitoring the growing body of censorship laws in Australia. The Labor Party is promising to bring in national filtering if elected — to protect children of course, not to silence critics. Of course, as we have seen in the past, filtering is subject to mission creep:

Regardless of the initial reason for implementing Internet filtering, there is increasing pressure to expand its use once the filtering infrastructure is in place.

Yahoo is taking a lot of heat (and rightfully so) for handing over information that landed Chinese journalist, Shi Tao, in jail. But it’s not just in China. Yahoo recently refused to comment on whether they turn over user data to the NSA.

Callahan [Yahoo’s senior vice president and general counsel] refused to say whether a demand from the NSA–not backed by a court order–qualifies as required by law.

It is becoming increasingly clear that electronic surveillance (including illegal eavesdropping) is becoming normalized. These practices were once thought to only be prevelent in authoritarian countries, such as China. But the same techniques used to spy on Chinese dissidents are being used against anti-war activists and others and it is not unreasonable to believe that tech companies are willing, just like in China, to turn over your data.